Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-10-27 CVE-2023-34059 open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
local
high complexity
vmware debian
7.0
2023-10-26 CVE-2023-46234 Improper Verification of Cryptographic Signature vulnerability in multiple products
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js.
network
low complexity
browserify debian CWE-347
7.5
2023-10-25 CVE-2023-5367 Out-of-bounds Write vulnerability in multiple products
A out-of-bounds write flaw was found in the xorg-x11-server.
local
low complexity
x-org redhat fedoraproject debian CWE-787
7.8
2023-10-25 CVE-2023-5380 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the xorg-x11-server.
local
high complexity
x-org redhat fedoraproject debian CWE-416
4.7
2023-10-25 CVE-2023-41983 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-119
6.5
2023-10-25 CVE-2023-42852 A logic issue was addressed with improved checks.
network
low complexity
apple fedoraproject debian
8.8
2023-10-25 CVE-2023-46316 In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.
local
low complexity
buc debian
5.5
2023-10-25 CVE-2023-5363 Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths.
network
low complexity
openssl debian netapp
7.5
2023-10-25 CVE-2023-5472 Use After Free vulnerability in multiple products
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
network
low complexity
google debian fedoraproject CWE-416
8.8
2023-10-25 CVE-2023-5721 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay.
network
low complexity
mozilla debian CWE-1021
4.3